Prowlarr

Prerequisites

This guide assumes you have the following prerequisites in place:

Prowlarr

Prowlarr is an indexer manager/proxy built on the popular Radarr/Sonarr codebase. It integrates with your existing Sonarr/Radarr setup and allows you to manage all your indexers in one place.

Installation

Create the following directory structure for Prowlarr:

 prowlarr/
 ├── prowlarr.yml
 ├── prowlarr-ingress.yml
 ├── prowlarr-pvc.yml
 ├── prowlarr-svc.yml
 ├── gluetun-secret.yml
 └── gluetun-cm.yml

Add the following content to prowlarr/prowlarr.yml:

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: prowlarr
  namespace: arr-stack
spec:
  strategy:
    type: Recreate
  replicas: 1
  selector:
    matchLabels:
      app: prowlarr
  template:
    metadata:
      labels:
        app: prowlarr
    spec:
      initContainers:
      - name: gluetun
        image: qmcgaw/gluetun:v3.41.1
        restartPolicy: Always
        securityContext:
          capabilities:
            add:
            - NET_ADMIN
        envFrom:
        - configMapRef:
            name: gluetun-config
        env:
        - name: OPENVPN_PASSWORD
          valueFrom:
            secretKeyRef:
              name: openvpn-secrets
              key: OPENVPN_PASSWORD
        - name: OPENVPN_USER
          valueFrom:
            secretKeyRef:
              name: openvpn-secrets
              key: OPENVPN_USER
      containers:
      - name: prowlarr
        image: lscr.io/linuxserver/prowlarr:2.3.0
        volumeMounts:
        - name: config
          mountPath: /config
        ports:
        - containerPort: 9696
        env:
        - name: PUID
          value: "1000"
        - name: PGID
          value: "1000"
        - name: TZ
          value: "Etc/UTC"
      volumes:
      - name: config
        persistentVolumeClaim:
          claimName: prowlarr-longhorn

Add the following content to prowlarr/prowlarr-ingress.yml:

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: prowlarr-ingress
  namespace: arr-stack
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-cloudflare
    traefik.ingress.kubernetes.io/router.middlewares: tools-authelia@kubernetescrd
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
  ingressClassName: traefik
  tls:
  - hosts:
    - prowlarr.example.com
    secretName: prowlarr-tls
  rules:
  - host: prowlarr.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: prowlarr-service
            port:
              number: 9696

Add the following content to prowlarr/prowlarr-pvc.yml:

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: prowlarr-longhorn
  namespace: arr-stack
spec:
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  resources:
    requests:
      storage: 1Gi
  storageClassName: longhorn

Add the following content to prowlarr/prowlarr-svc.yml:

---
apiVersion: v1
kind: Service
metadata:
  name: prowlarr-service
  namespace: arr-stack
spec:
  selector:
    app: prowlarr
  ports:
    - protocol: TCP
      port: 9696
      targetPort: 9696

Add the following content to prowlarr/gluetun-secret-tmp.yml:

---
apiVersion: v1
kind: Secret
metadata:
  name: openvpn-secrets
  namespace: arr-stack
type: Opaque
data:
  OPENVPN_USER: <base64-encoded-openvpn-username>
  OPENVPN_PASSWORD: <base64-encoded-openvpn-password>

Encrypt the gluetun-secret-tmp.yml file using Sealed Secrets and save the output as prowlarr/gluetun-secret.yml:

kubeseal -o yaml < prowlarr/gluetun-secret-tmp.yml > prowlarr/gluetun-secret.yml && \
rm prowlarr/gluetun-secret-tmp.yml

Add the following content to prowlarr/gluetun-cm.yml:

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: gluetun-config
  namespace: arr-stack
data:
  VPN_SERVICE_PROVIDER: "surfshark"
  SERVER_COUNTRIES: "Netherlands"
  HTTPPROXY: "ON"
  FIREWALL_OUTBOUND_SUBNETS: "192.168.1.0/24,10.42.0.0/16,10.43.0.0/16"
  DNS_ADDRESS: "8.8.8.8"

Commit and push the changes to your Git repository.